APPENDIX 4 



r 

* IPS VPN Tunnel update functions 

* @file updatejunnels.h 

* ©author jmccaskey 
7 

#ifndef UPDATE_TUNNELS H 

#define UPDATE_TUNNELS H 

#include "snmpwalk.h" 

/** 

* Function to update all tunnel related ids for a specific device. 

* The function will find any tunnels involving the device using the passed MySQL connection and 

* then perform the neccesary walking and matching to update the tunnel index ids 

* in the database. 

7 

int update_tunnels(struct ips_device *device, MYSQL *mysql_connection); 
#include "update_tunnels.c" 



#endif 



/** 

* IPS VPN Tunnel update functions 

* @file updatejunnels.c 

* ©author jmccaskey 
7 

I** 

* Function to update all tunnel related ids for a specific device. 

* The function will find any tunnels involving the device using the passed MySQL connection and 

* then perform the neccesary walking and matching to update the tunnel index ids 

* in the database. 
7 

int update_tunnels(struct ipsjJevice *device, MYSQL *mysql_connection) { 
MYSQL_RES 'result; 
MYSQL_ROW row; 
char *sql_query; 
int n; 

assert(sqLquery=malloc(2500)); 

n=snprintf(sql_query, 2500, "SELECT tunnel. tunneljd, tunnel.tunneLserverjd, 

tunneLside_one.tunnel_entryjd as tunneLentryjdJocal, " 

M tunneLside_one.tunnel_entry_serverjd as tunnel_entry_serverjdJocal, " 
"tunnel_side_one.tunneLsidejd as tunnel_side_idJocal, " 
"tunnel_side_one.tunneLside_serverjd as tunnel_side_serverjdJocal, " 
"tunnel_side_one.sa_id as sajdjocal, tunnel_sideJwo.tunneLsidejd as 

tunnel_side_id_remote, M 

"tunnel_side_two.tunnel_side_server_id as tunneLside_server_id_remote, 

tunnel_side_two.sa_id as sajd_remote, " 

"tunnel_sideJwo.tunneLentry_id as tunnel_entry_id_remote, " 
"tunnel_sideJwo.tunneLentry_server_id as tunnel_entry_serverjd_remote, 

device_one.ip_address as ip_addressJocal, " 

"devicejDne.devicejd as devicejdjocal, device_one.device_server_id as 

device_server_id_local, " 

"tunnel_entry_one.tunnel__entry_type as tunnel_entryJypeJocal, " 
"tunnel_entry_two.tunnel_entry_type as tunnel_entry_type_remote, " 
"deviceJwo.ip_address as ip_address_remote " 

"FROM tunnel, tunnel_side as tunnel_side_one, tunnel_side as tunnel_sideJwo, 

"tunnel_entry as tunnel_entry_one, tunnel_entry as tunnel_entry_two, " 
"device as device_one, device as device_two " 
"WHERE tunnel_side_one.tunneljd = tunriel.tunneljd " 
"AND tunneLside_one.tunnel_server_id = tunnel.tunneLserverjd " 
"AND tunnel_sideJwo. tunneljd = tunnel. tunneljd " 
"AND tunnel_side_two.tunnel_serverjd = tunnel.tunneLserverjd " 
"AND NOT(tunnel_sideJwo.tunnel_S!de_id = tunnel_side_one.tunneLside_id " 
"AND tunneLsideJwo.tunnel_side_serveMd = 
tunneLside_one.tunnel_side_serverJd) " 

"AND tunnel_side_one.tunnel_entryJd=tunneLentry_one.tunnel_entryJd " 
"AND 

tunnel_side_one.tunnel_entry_seiverjd=tunnel_entry_one.tunnel_entry_serverjd " 

"AND tunnel_side_two.tunneLentryJd=tunneLentry_two.tunneLentryJd " 
"AND 

tunneLside_two.tunneLentry_serverJd=tunnel_enti7_two.tunneLentry_serverjd " 

"AND tunneLentry_one.devicejd=device_one.devicejd " 
"AND tunnel_entry_one.device_serverJd=device_one.device_serverJd " 
"AND tunnel_entryJwo.device_id=deviceJwo.devicejd " 



"AND tunnel_entry_two.device_serverjd=device_two.device_serverjd " 
"AND device_one.device_id = %s " 

"AND device_one.device_serverjd=%s", device->device_id, device- 

>device_server_id); 

//execute query 
if(mysql_real_query(mysql_connection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query for tunnels associated with device: Error: %s\n'\ 
timestamp, mysqLerror(mysql_connection)); 
funlockfile(stderr); 
free(sql_query); 

} 

free(sqLquery); 

//store results from last query into result 
result=mysql_store_result(mysql_connection); 
//setup snmp session options 
session = ips_snmp_sess_init(device); 

indexjiode *inode = NULL; 
//loop through each tunnel_side updating its ids 
wh i I e( row= my sq l_f etc h_ro w( res u It) ) { 
int n; 

char *start_oid, *sql_query; 
queue index_queue; 
queue_init(&index_queue); 

/** Check what type of tunnel we are dealing with and call the walk function */ 
if(strcmp(row[15], "cisco_ipsec")==0) { 

//put each digit of the ip address into a seperate array element 
unsigned char ipaddress[4] = {0, 0, 0, 0}; 
if(row[17]!=NULL){ 

char delim[1] = {'.'}; 
char *pos; 
pos = row[17]; 

//strsep is a gnu c specific extension... it replaces the non thread safe 

(and slower) strtok from ansi c... 

ipaddress[0] = atoi(strsep(&pos, delim)); 
ipaddress[1] = atoi(strsep(&pos, delim)); 
ipaddress[2] = atoi(strsep(&pos, delim)); 
ipaddress[3] = atoi(strsep(&pos, delim)); 

} 

assert(start_oid = malloc(200)); 

//walk the phase 1 oid 
snprintf(start_oid, 200, 
"cipSecPhaseOne.cikeTunnelTable.cikeTunnelEntry.cikeTunRemoteAddr"); 

ips_snmpwalk(device, row[15], start_oid, ipaddress, &index_queue, 1); 
free(start_oid); 

//process the queue in order to get the phase 1 id 
int count = 0; 

while(index_queue.head != NULL) { 
if( count > 0) 

free(inode); 

inode = (index_node *) queue_get(&index_queue); 
++count; 



} 

//update the phase 1 id in db... 
assert(sql_query = malloc(800)); 
if(count > 0) { 

n=snprintf(sql_query, 800, "UPDATE tunneLside SET " 

"session_id_one_previous = session_id_one, 

session_id_one = %d " 

"WHERE tunneLsidejd = %s AND 

tunnel_side_serverjd = %s", 

inode->value, row[4], row[5]); 

} else { 

//there was nothing in the queue, so we know we didn't find a matching 



session id, insert NULL 

session_id_one = NULL " 
tunnel side server id = %s" 



n=snprintf(sql_query, 800, "UPDATE tunneLside SET " 

"session_id_one_previous = session_id_one, 



} 

free(inode); 



"WHERE tunneLsidejd = %s AND 
row[4], row[5]); 



//flockfile(stdout); 

//fprintf(stdout, "%s\n", sqLquery); 

//funlockfile(stdout); 

if(mysqLreaLquery(mysqLconnection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to update tunnel_side: Error: 
%s\n", timestamp, mysql_error(mysqLconnection)); 

funlockfile(stderr); 
free(sql_query); 

} else { 

free( sqLquery); 

} 

assert(start_oid = malloc(200)); 
//walk the phase 2 oid 
snprintf(start_oid, 200, 
"cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunRemoteAddr M ); 

ips_snmpwalk(device, row[15], start_oid, ipaddress, &index_queue, 0); 
free(start_oid); 

//find all Cisco phase 2 monitors related to this tunnel side so they can be updated 
assert(sqLquery = malloc(IOOO)); 

n = snprintf( sqLquery, 1000, "SELECT monitor.monitorjd, 
monitor. monitor_server_id " 

"FROM monitorjunnel, monitor, metric, metric_snmp " 
"WHERE monitor_tunnel.tunneLsidejd=%s AND 
monitorjunnel. tunnel_side_serverjd=%s " 

"AND monitor. monitor jd=monitor_tunnel. monitor jd " 

"AND monitor.monitor_serverJd=monitor_tunnel.monitor_serverjd " 

"AND metric. metric jd=monitor. metric jd " 

"AND metric.metric - serverjd=monitor.metric_server_id " 

"AND metric.suite- snmp' " 



"AND metric_snmp.metricjd=metric.metricjd " 
"AND metric_snmp.metric_serverjd=metric.metric_serverjd " 
"AND metric_snmp. phase = 'two' ", 
row[4], row[5]); 
if(mysql_reaLquery(mysqLconnection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to find phase 2 monitors during 
tunnel update: Error: %s\n", timestamp, mysql_error(mysql_connection)); 
funlockfile(stderr); 
free(sql_query); 
} else { 

free(sql_query); 

} 

MYSQL_RES *phase_two_result; 
MYSQL_ROW monitor_row; 

phase_two_result = mysql_store_result(mysqLconnection); 

while(monitor_row=mysql_fetch_row(phase_two_result)) { 
char *sql_query_delete; 
int len; 

assert(sql_query_delete = malloc(8000)); 

//additional where clauses will be appened as we go to avoid deleting the 

' rows that are still in use... 

len = snprintf(sqLquery_delete, 8000, "DELETE FROM 
monitor_tunnel_cisco_phase_2 WHERE monitorjd=%s AND monitor_serverjd=%s", monitor_row[0], 
monitor_row[1]); 

inode = (index_node *) index_queue.head; 
while(inode != NULL) { 

//check if there is already a row for this session id value 

assert(sq!_query = malloc(IOOO)); 

n=snprintf(sqLquery, 1000, "SELECT COUNTf) AS count 

FROM monitor_tunnel_cisco_phase_2 " 

"WHERE monitor_id=%s AND 

monitor_server_id=%s " 

"AND phase_2_id=%d ", monitor_row[0], 

monitor_row[1], inode->value); 

if(mysql_real_query(mysql_connection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query for phase 2 row count: Error: 
%s\n", timestamp, mysql_error(mysql_connection)); 

funlockfile(stderr); 
free(sql_query); 

} else { 

free(sql_query); 

} 

MYSQLJRES *count_result; 
MYSQL_ROW count_row; 

countjresult = mysqLstorej-esult(mysql_connection); 

count_row = mysql_fetch_row(count_result); 

int row_count = atoi(count_row[0]); 

mysql_free_result( countjresult); 

if(row_count < 1) { 

//there is no row for this session id, create one 
assert(sql_query = malloc(800)); 
n=snprintf(sqLquery, 800, "INSERT INTO 



monitor_tunnel_cisco_phase_2 ." 

"(monitorjd, monitor_serverjd, 

phase_2_id, counter, timestamp) " 

"VALUES (%s, %s, %d, 0, 0)", 
monitorjrow[0], monitorjrow[1], 

inode->value); 

if(mysql_reaLquery(mysql_connection, sql_query, n)!=0) . 

{ 

flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to insert into 
monitor_tunnel_cisco_phase_2: Error: %s\n", timestamp, mysq1_error(mysql_connection)); 

funlockfile(stderr); 
free(sql_query); 
} else { 

free(sql_query); 

} 

} 

//update the delete query to not delete this row (since it still is in 

use) 

char *temp_string; 

temp_string = strdup(sql_query_delete); 
len = snprintf(sql_query_delete, 8000, M %s AND 
NOT(phase_2_id=%d) temp_string, inode->value); 

free(temp_string); 

inode = (index_node *)inode->next; 

} 

//execute the delete for all rows for this monitor that were not still in use 
if(mysqLreal_query(mysql_connection, sql_query_delete, len)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to delete old phase 2 rows: Error: 
%s\n", timestamp, mysql_error(mysql_connection)); 

funlockfile(stderr); 
free(sqLquery_delete); 
} else { 

free(sql_query_delete); 

} 

} 

//cleanup the queue 
while(index_queue.head != NULL) { 

inode = (index_node *) queue_get(&index_queue); 

free(inode); 

} 

mysql_free_result(phase_two_result); 

} else if(strcmp(row[15], "netscreen_ipsec")==0) { 
assert(start_oid = malloc(200)); 

//walk the phase 1 oid 

snprintf(start_oid, 200, "nsVpnMonTable.nsVpnMonEntry.nsVpnMonSald"); 
ips_snmpwalk(device, row[15], start_oid, row[6], &index_queue, 1); 
free(start_oid); 

//process the queue in order to get the phase 1 id 
int count = 0; 

white(index_queue.head != NULL) { 



if(count > 0) 

free(inode); 

inode = (index_node *) queue_get(&index_queue); 
++count; 

} 

//update the phase 1 id in db... 
assert(sql_query = malloc(800)); 
if(count > 0) { 

n=snprintf(sql_query, 800, "UPDATE tunnel_side SET " 

"sessionJd_one_previous = session_id_one, sessionjd_one = %d " 
"WHERE tunnel_side_id = %s AND tunnel_side_server_id = %s", 
inode->value, row[4], row[5]); 

} else { 

//there was nothing in the queue, so we know we didn't find a matching session id, 

insert NULL 

n=snprintf(sqLquery, 800, "UPDATE tunnel_side SET " 

"sessionjd_one_previous = session_id_one, session_id_one = NULL 

ii 

"WHERE tunnel_sidejd = %s AND tunnel_side_server_id = %s", 
row[4], row[5]); 

} 

free(inode); 

//flockfile(stdout); 
//fprintf(stdout, "%s\n", sqLquery); 
//funlockfile(stdout); 

if(mysql_real_query(mysql_connection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to update tunnel_side: Error: 
%s\n", timestamp, mysql_error(mysql_connection)); 
funlockfile(stderr); 
free(sql_query); 
} else { 

free(sqLquery); 



} else if(strcmp(row[15], "altigajpsec")==0) { 
assert(start_oid = malloc(200)); 

//walk the phase 1 oid 

snprintf(start_oid, 200, 
"alActiveSessionTable.alActiveSessionEntry.alActiveSessionlpAddress"); 

ips_snmpwalk(device, row[15], start_oid, row[17], &index_queue, 1); 
free(start_oid); 

//process the queue in order to get the phase 1 id 
int count = 0; 

while(index_queue.head != NULL) { 
if(count>0) 
free(inode); 

inode = (indexjiode *) queue_get(&index_queue); 
++count; 

} 



//update the phase 1 id in db... 
assert(sqLquery = malloc(800)); 
if (count > 0) { 

n=snprintf(sql_query, 800, "UPDATE tunneLside SET " 

"sessionjd_one_previous = sessionjd_one, sessionjd_one = %d " 
"WHERE tunneLsidejd = %s AND tunnel_side_serverjd = %s", 
inode->value, row[4], row[5]); 

} else { 

//there was nothing in the queue, so we know we didn't find a matching session id, 

insert NULL 

n=snprintf(sql_query, 800, "UPDATE tunnel_side SET " 

"session_id_onejDrevious = session_id_one, sessionjdjDne = NULL 

"WHERE tunneLsidejd = %s AND tunnel_side_server_id = %s", 
row[4], row[5]); 

} 

free(inode); 

//flockfile(stdout); 

//fprintf(stdout, M %s\n" t sql_query); 

//funlockfile(stdout); 

if(mysql_reaLquery(mysql_connection, sqLquery, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to update tunneLside: Error: %s\n", 
timestamp, mysql_error(mysql_connection)); 

funlockfile(stderr); 
free(sqLquery); 
} else { 

free(sql_query); 



} else if(strcmp(row[15], "ips_emulated")==0) { 
assert(start_oid = malloc(200)); 

//walk the phase 1 oid 

snprintf(start_oid, 200, "hrSWRunEntry.hrSWRunlndex"); 
ips_snmpwalk(device, row[15], start_oid, "25977", &index_queue, 1); 
free(start_oid); 

//process the queue in order to get the phase 1 id 
int count = 0; 

while(index_queue.head != NULL) { 
if(inode > 0) 
free(inode); 

inode = (index_node *) queue_get(&index_queue); 
++count; 

} 

//update the phase 1 id in db... 
assert(sql_query = malloc(800)); 
if(count > 0) { 

n=snprintf(sql_query, 800, "UPDATE tunneLside SET " 

"sessionJd_one_previous = sessionjd_one, session_id_one = %d " 
"WHERE tunnel_side_id = %s AND tunnel_side_server_id = %s", 
inode->value, row[4], row[5]); 



free(inode); 

} else { 

//there was nothing in the queue, so we know we didn't find a matching session id, 

insert NULL 

n=snprintf(sql_query, 800, "UPDATE tunnel_side SET " 

"session_id_one_previous = session_id_one, session_id_pne = NULL 

■I 

"WHERE tunnel_side_id = %s AND tunnel_side_server_id = %s", 
row[4], row[5]); 

} 

//flockfile(stdout); 

//fprintf(stdout, "%s\n", sql_query); 

//funlockfile(stdout); 

if(mysqLreal_query(mysqLconnection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to update tunnel_side: Error: %s\n M , 
timestamp, mysql_error(mysql_connection)); 

funlockfile(stderr); 
free(sql_query); 
} else { 

free(sqLquery); 



assert(start_oid = malloc(200)); 
//walk the phase 2 oid 

snprintf(start_oid, 200, "hrSWRunEntry.hrSWRunName"); 

ips_snmpwalk(device, row[15], start_oid, VapacheV", &index_queue, 0); 
free(start_oid); 

//find all Cisco phase 2 monitors related to this tunnel side so they can be updated 
assert(sql_query = malloc(IOOO)); 

n = snprintf(sql_query, 1000, "SELECT monitor.monitorjd, monitor. monitor_server_id " 

"FROM monitor_tunnel, monitor, metric, metric_snmp " 
"WHERE monitor_tunnel.tunnel_sidejd=%s AND 
monitor_tunnel.tunneLside_serverjd=%s " 

"AND monitor.monitor_id=monitor_tunnel.monitorjd " 
"AND monitor.monitor_serverJd=monitorJunneLmonitor_serverjd " 
"AND metric.metric_id=monitor.metricjd " 
"AND metric.metric_serverjd=monitor.metric_serverjd " 
"AND met^ic.suite= , snmp , " 
"AND metric_snmp.metric_id=metric.metricjd " 
"AND metric_snmp.metric_serverjd=metric.metric_server_id " 
"AND metric_snmp. phase = 'two* ", 
row[4], row[5]); 

if(mysqLreaLquery(mysqLconnection, sqLquery, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query for phase 2 monitors: Error: %s\n", 
timestamp, mysql_error(mysqLconnection)); 

funlockfile(stderr); 
free(sql_query); 
} else { 

free(sqLquery); 



MYSQL_RES *phase_two_result; 
MYSQL_ROW monitorjow; 

phase_two_result = mysql_store_result(mysql_connection); 

while(monitor_row=mysqLfetch_row(phase_two_result)) { 
char *sql_query_delete; 
int len; 

assert(sql_query_delete = malloc(8000)); 

//additional where clauses will be appened as we go to avoid deleting the rows that 

are still in use... 

len = snprintf(sqLquery_delete, 8000, "DELETE FROM 
monitor_tunnel_cisco_phase_2 WHERE monitor jd=%s AND monitor_server_id=%s", monitorjrow[0], 
monitor_row[1]); 

inode = (index_node *) index_queue.head; 
while(inode != NULL) { 

//check if there is already a row for this session id value 
assert(sql_query = malloc(IOOO)); 
n=snprintf(sql_query, 1000, "SELECT COUNT(*) AS count FROM 
monitorJunnel_cisco_phase_2 " 

"WHERE monitor jd=%s AND monitor_serverjd=%s " 

"AND phase_2_id=%d ", monitor_row[0], 

monitor_row[1], inode->value); 

MYSQL_RES *count_result; 
MYSQL_ROW count_row; 
int row_count; 

if(mysql_reaLquery(mysql_connection, sql_query, n)!=0) { 
fiockfile(stderr); 

fprintf(stderr, "%s: Failed executing query for phase 2 
row count: Error: %s\n", timestamp, mysql_error(mysql_connection)); 

funlockfile(stderr); 

free(sql_query); 
row_count = 0; 

} else { 

free(sqLquery); 

count_result = mysql_store_result(mysql_connection); 
countjrow = mysql_fetch_row(countj r esult); 
row_count = atoi(count_row[0]); 
m y sq l_f ree_res u I t(co u n t_res u 1 1) ; 
} 

if(row_count < 1) { 

//there is no row for this session id, create one 
assert(sql_query=malloc(800)); 
n=snprintf(sql_query, 800, "INSERT INTO monitor_tunneLcisco_phase_2 " 
"(monitorjd, monitor_serverjd, phase_2_id, counter, 

timestamp) " 

"VALUES (%s, %s, %d, 0, 0)", 

monitor_row[0], monitor_row[1], 

inode->value); 

if(mysql_reaLquery(mysql_connection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to 
insert into monitor _Junnel_cisco_phase_2: Error: %s\n", timestamp, mysqLerror(mysql_connection)); 

funlockfile(stderr); 



free(sqLquery); 
} else { 

free(sqLquery); 

} 

} 

//update the delete query to not delete this row (since it still is in 

use) 

char *temp_string; 

temp_string = strdup(sql_query_delete); 

len = snprintf(sql_queryjjelete, 8000, M %s AND NOT(phase_2_id=%d) 
temp_string, inode->value); 

free(temp_string); 
inode = (indexjiode *)inode->next; 
} 

//execute the delete for all rows for this monitor that were not still in use 
if(mysql_real_query(mysql_connection, sql_queryjjelete, len)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to delete old phase 2 
rows: Error: %s\n", timestamp, mysql_error(mysql_connection)); 

funlockfile(stderr); 
free(sql_query_delete); 
} else { 

free(sql_query_delete); 

} 

} 

//cleanup the queue 
while(index_queue.head != NULL) { 

inode = (index_node *) queue_get(&index_queue); 

free(inode); 

} 

mysql_free_result(phase_twoj r esult); 



} 

//... 

} 

mysql_free_result(result); 
return(O); 

} 



i 



